AWS data transfer pricing: $4.6M over two years.

The customer ran a global streaming video platform with substantial egress through CloudFront, a heavy Direct Connect footprint into seven on-premise encoding facilities, and a meaningful inter-region replication load between us-east-1, eu-west-1, and ap-northeast-1. The combined networking and data transfer line item was running at $6.8M annually, equal to about 22% of total AWS spend. Engineering had pushed several internal projects to reduce the cost, including a CloudFront cache-hit-ratio improvement program that had moved the needle by about 6% but was hitting diminishing returns.

The CloudFront PPA overlay in place had been signed two years earlier when the customer's egress was about a third of current volume. The discount tier no longer reflected actual scale. The Direct Connect contracts were on a mix of dedicated and hosted connections across three colocation partners, with no aggregated commercial framework and no commitment-discount structure even though combined DX port commitments would have qualified for one. Inter-region transfer was at full standard rates, with no PrivateLink consolidation and no peered-VPC alternative architecture even though the technical requirements would have supported either.

What the customer needed

• A CloudFront PPA refresh at the new egress scale, ideally with regional rate differentiation
• An aggregated Direct Connect commercial framework across the three colocation partners
• An inter-region transfer alternative for the largest replication flows
• An EDP overlay covering the entire networking line, not just compute and storage

Drawing on $2.4B+ AWS spend reviewed and 500+ engagements, we treated this as a four-component negotiation: CloudFront PPA, Direct Connect aggregation, inter-region architecture, and EDP networking overlay. Each component had a different AWS counterparty and a different optimal sequence.

Phase 1 — Traffic baseline and pricing benchmark (weeks 1-4)

The first phase built a traffic baseline at unusual granularity. We instrumented every CloudFront distribution to capture per-region egress and cache-hit ratios over a 60-day period. We mapped every Direct Connect circuit to its actual utilization, broken into baseline traffic, peak streaming windows, and inter-region replication. We then benchmarked the CloudFront PPA and DX commitment structures against eleven comparable media and streaming customers, three of which were known publicly to have negotiated specific CloudFront regional rate differentiation.

The benchmark established that the customer should be paying about 28% less on CloudFront at the new volume tier, that Direct Connect commitment discounts of 18% to 22% were available at the customer's aggregated DX port commit level, and that the largest inter-region replication flow could be moved to PrivateLink with a structural cost reduction of approximately 41% on that specific flow.

Phase 2 — Open the negotiation (weeks 5-8)

The opening ask had four components. Component one was a CloudFront PPA refresh with regional rate differentiation (lower rates for the largest egress regions, standard rates elsewhere). Component two was an aggregated Direct Connect agreement consolidating the three colocation partners under a single commit-discount framework. Component three was a PrivateLink architecture decision authorized at AWS solutions architecture level, with commercial terms for the new traffic shape. Component four was an EDP overlay extending the existing enterprise discount over the entire networking line.

AWS's initial counter accepted the CloudFront PPA refresh but at the lower discount tier, declined the DX aggregation as “not how Direct Connect is commercially structured,” deferred PrivateLink to a separate conversation, and proposed an EDP networking overlay at 50% of the existing EDP discount tier rather than full parity.

Phase 3 — Close (weeks 9-12)

The closing weeks moved each component to its appropriate AWS counterparty. The CloudFront PPA refresh closed with the AWS Edge organization at the requested regional differentiation, two weeks of legal redline included. The Direct Connect aggregation closed with AWS networking sales after we documented that the requested structure was equivalent to two known publicly-disclosed media-customer arrangements. The PrivateLink architecture was approved jointly with AWS solutions architecture and commercial terms were attached as an EDP amendment. The EDP networking overlay closed at full parity with the existing tier. The final agreement was countersigned 12 weeks after kickoff.

The restructured networking framework produced $4.6M in two-year savings against the pre-engagement trajectory. The savings represent 34% of the projected networking spend and divide cleanly into the four components negotiated.

Where the savings came from

• CloudFront PPA refresh — $2.0M from the new discount tier plus regional differentiation across the highest-egress regions
• Direct Connect aggregation — $1.1M from the aggregated commit-discount framework across the three colocation partners
• PrivateLink replication swap — $940K from migrating the largest inter-region replication flow off standard transfer pricing
• EDP networking overlay — $560K incremental EDP discount captured by extending the existing tier across the networking line

The performance preservation

Global delivery latency was instrumented continuously through the transition. The CloudFront PPA refresh involved no architectural changes — only commercial terms — so latency was unaffected. The Direct Connect aggregation similarly involved no underlying circuit changes. The PrivateLink swap required a controlled migration of the inter-region replication flow, which was executed over two weekends with no measurable impact on the downstream service-level objectives.

The structural protection

The most operationally valuable provision in the agreement is a CloudFront tier-protection clause that locks the new discount tier as the floor for the next PPA refresh. This protects the customer from the standard pricing reset that AWS applies when CloudFront agreements come up for renewal, and it preserves the leverage that the engagement created. Combined with the EDP networking overlay, the customer enters every subsequent networking conversation from a stronger position than the one we started in.